Minimize risk by assessing suppliers during the onboarding process

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Minimize risk by assessing suppliers during the onboarding process

    The Risk Assessments Integration for Supplier Lifecycle Operations enables ServiceNow customers to evaluate and manage potential supplier risks during the onboarding process. By integrating Supplier Lifecycle Operations with Third-party Risk Management, organizations can streamline supplier onboarding and ensure thorough risk assessments are conducted.

    Show full answer Show less

    Key Features

    • Supplier Onboarding: Utilize a guided onboarding playbook to efficiently onboard new suppliers.
    • Due Diligence Requests: Submit and manage due diligence requests that initiate necessary risk assessments.
    • Risk Assessment Workflows: Involve supplier managers and third-party risk assessors in the evaluation process, ensuring comprehensive risk analysis.
    • Risk Scoring: Analyze risk scores to make informed decisions on whether to proceed with onboarding a supplier.
    • Collaboration Portal: Supplier contacts complete risk assessment questionnaires via the Supplier Collaboration Portal.

    Key Outcomes

    By implementing this integration, customers can expect:

    • Enhanced risk visibility and management during the supplier onboarding process.
    • Streamlined workflows that reduce time and effort in evaluating supplier risks.
    • The ability to make informed decisions based on detailed risk assessments and scoring.
    • Improved compliance and risk management, ultimately leading to better supplier relationships and reduced liabilities.

    Overall, this solution equips ServiceNow customers with the tools needed to minimize risk while effectively managing supplier onboarding.

    With Risk Assessments Integration for Supplier Lifecycle Operations, you can identify and assess potential supplier risks when onboarding new suppliers.

    Combined benefits of integrating Supplier Lifecycle Operations with Third-party Risk Management

    Feature Supplier Lifecycle Operations Third-party Risk Management All applications together

    Supplier onboarding

    		 Yes No Yes
    Information and data management Yes No Yes
    Case and dispute management Yes No Yes
    Risk onboarding No Yes Yes
    Third-party risk due diligence, external and internal risk assessment No Yes Yes
    Risk intelligence No Yes Yes
    Risk scoring and monitoring No Yes Yes
    Risk executive dashboard No Yes Yes

    Workflow of Risk Assessments Integration for Supplier Lifecycle Operations

    Use Supplier Lifecycle Operations and Third-party Risk Management together for these benefits:
    • Evaluate supplier risk when onboarding suppliers
    • Analyze risk score to determine whether to onboard a supplier

    The following figure shows an example workflow of how a supplier manager and a third-party risk (TPR) assessor can use the applications together to evaluate supplier risk.

    Figure 1. The Supplier Lifecycle Operations and Third-party Risk Management workflow
    SLO and TPRM risk assessment flow
    In this workflow:
    1. The supplier manager receives a supplier onboarding request.
    2. The supplier manager uses the onboarding playbook, which provides a streamlined and guided process to onboard suppliers. For more information, see Use the supplier onboarding playbook to onboard suppliers.
    3. The supplier manager submits a due diligence request.

      Performing due diligence is a key aspect of onboarding a supplier. The supplier risk assessment is done by the third-party risk (TPR) assessor. For more information, see Get started with Risk Assessments Integration for Supplier Lifecycle Operations.

    4. The TPR manager approves the due diligence request.
    5. The inherent risk questionnaire is created and assigned to the TPR assessor.
    6. The TPR assessor submits the completed IRQ.
    7. Two risk assessment questionnaires are created and assigned to the supplier contact.
    8. The supplier contact logs in to the Supplier Collaboration Portal and completes the risk assessment questionnaires.
    9. A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
    10. The supplier manager accepts the risk rating and closes the due diligence request.

    Requirements for integrating Supplier Lifecycle Operations and Third-party Risk Management

    1. Install the Supplier Lifecycle Operations (com.snc.sn_supplier_mgmt) application from the ServiceNow® Store. For more information, see Install Supplier Case Management.
    2. Install and activate the Risk Assessments Integration for Supplier Lifecycle Operations (com.snc.sn_supplier_tprm) plugin.
    3. Install the Third-party Risk Management (com.sn_vdr_risk_asmt) application from the ServiceNow® Store. For more information, see Configuring Third-party Risk Management.
    4. Install and activate the GRC: Third-party Due Diligence Request (com.sn_tprm_onboarding) plugin.
    Note:
    You must have a license for Third-party Risk Management (formerly Vendor Risk Management) to take advantage of this better together solution.

    Get started with Risk Assessments Integration for Supplier Lifecycle Operations

    Get started with Risk Assessments Integration for Supplier Lifecycle Operations by completing these tasks:

    1. Create a supplier. For more information, see Create a supplier from the Source-to-Pay Workspace.
    2. Onboard a new supplier using playbooks. For more information, see Use the supplier onboarding playbook to onboard suppliers.
    3. The playbook creates a due diligence request. For more information about the fields in this activity, see Request due diligence for a third-party engagement.
    4. The supplier manager fills and submits a due diligence request, which is assigned to the TPR manager.
      Note:
      For each due diligence request, the system auto-assigns a unique ID number that starts with the prefix DDR.
    5. If the due diligence request is approved by the TPR manager, the inherent risk questionnaire (IRQ) is sent to the TPR assessor (internal stakeholder).
    6. After the TPR assessor submits the completed IRQ, the due diligence process begins.
    7. The due diligence process creates two risk assessments, each containing an external due diligence questionnaire, one for the third-party and another for engagement.
    8. After the supplier contacts complete and submit the external questionnaires from the Supplier Collaboration Portal, the TPR manager goes through the questionnaires and approves the due diligence request. For more information, see Complete a risk assessment from the Supplier Collaboration Portal.
    9. A contract record is created with an approval. After the contract record is approved, the risk record is updated with the final rating.
    10. After the supplier manager accepts the risk rating, an email is sent to the requester informing that the due diligence request has been successfully processed and approved.
    11. The supplier manager closes the due diligence request (case).
    12. As a supplier manager, you can use the risk assessment result data in combination with any other data to determine whether to continue or cancel the onboarding process.